Why Hansen Gress Replaced Two ITDRs with Petra
- 4
- Previously uncaught compromises surfaced while onboarding
- 11/11
- Attacks stopped in first 11 months without a single email accessed
- 4 min 1 sec
- Median time from attack to response
“Nobody's catching the stuff that Petra does, at the speed they do, with the clarity they give.”
Hansen Gress is an MSP headquartered in Juneau, Alaska, with active expansion across the Pacific Northwest and the lower 48. The firm protects Microsoft 365 environments spanning healthcare, professional services, public sector, fisheries, transportation, and financial services.
The Challenge
With the BEC threat landscape shifting, Hansen Gress realized their existing ITDR stack had major blindspots.
Hansen Gress had built its M365 identity coverage on Huntress ITDR, with Guardz and SecureWorks Taegis XDR rounding out the stack. For a long time the coverage held. As AiTM phishing kits and token-theft toolkits rewrote the BEC playbook, the gaps started to show.
Huntress ITDR missed attacks. So they turned on VPN alerts, which began firing high volumes of benign VPN-detection lockouts — 15 to 20 a month per client at minimum, peaking at 45 in a single month. Guardz alerts arrived days late with limited context, and the XDR layer wasn't catching identity attacks reliably.
A professional services client onboarded in November 2025 already had both Huntress and Guardz deployed. Neither had flagged anything. Petra found two active compromises, and a third that traced back to a wire fraud incident from June — with five months of attacker access that Huntress had never surfaced.
It was eye-opening to go head to head, and see Petra catch things that both Huntress and Guardz didn't catch.
Forensic Depth
Petra surfaced four previously uncaught compromises in a single overnight Scan.
The case that turned the team into vocal Petra advocates happened during a client onboarding. The client had been hit by a phishing-led compromise in mid-2025 under their previous internal IT lead. The internal team had blocked an anomalous session, but no one ever investigated what the attacker had touched.
Jeff installed Petra on a Friday night. By Saturday morning, Petra Scan had reconstructed the full picture, and four previously uncaught compromises were locked down with full forensic reports ready to hand to client leadership.
I spent Friday night trying to find this stuff in Purview, and the logs are absolutely terrible. By Saturday morning, I had a report from Petra that clearly showed me everything I needed. Typically a post-incident autopsy like that costs three to five thousand dollars. Our client got it as part of onboarding.
Detection and Response Speed
In Hansen Gress's first 11 months with Petra, attackers haven't accessed a single email.
Across 11 real-time responses, attackers were locked out before they touched anything: no emails accessed, no documents read or modified, and a median time to respond of just 4 minutes 1 second. The incidents covered the full range of modern M365 attack patterns — AiTM phishing logins from data center IPs, compromises masked behind Cloudflare proxies, and phishing campaigns weaponizing OneDrive and SharePoint links.
Operational Efficiency
Petra consolidated the identity stack and recovered help-desk capacity.
- The excessive 15-to-20 monthly VPN lockouts stopped
- No more conversations with company leadership about approving specific consumer VPN providers
- No more help-desk drag of pulling engineers off real work to unlock benign user accounts
Petra as the Standard
Petra is now the anchor of the Hansen Gress identity stack.
We just sunsetted Huntress ITDR. By the end of next month, Guardz is completely gone. The thing we're not touching is Petra. Petra is the anchor of our whole security stack.
Hansen Gress is a fast-growing Alaska-based MSP founded in 2005 by Jeremy Hansen and Tyler Gress, specializing in managed IT, technical help desk, cybersecurity, and networking. Visit hansengress.com.
More Stories
See what's in your last six months of logs.
Run six months of M365 logs through Petra and get insurance-grade forensics within 48 hours. Five minutes to set up with no sales call.

